Is the data you use to train your AI really as safe as you think?
AI and neural networks are spreading throughout society. This growth is partly driven by the large amounts of data fed to these systems during training. Often this data is private and sensitive in nature, such as user data or patient records. The prevailing belief is that once a model is trained, the training data cannot be accessed through the model alone. But is this really the case?
The fact that AI systems generally respond differently to training data than to new data has given rise to a research field and a number of methods that allow a potential attacker to infer information about unknown training data. For example, it is possible to learn about gender biases, to check whether a particular image was part of the training set, or even to fully recreate the training data.
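To give a feel for the principle, the sketch below illustrates one simple variant of this idea, a confidence-based membership inference test: a model tends to be more confident on examples it was trained on than on unseen ones, and an attacker can exploit that gap. The data, model, and threshold are purely illustrative and are not the techniques used in the NFC project.

```python
# Minimal sketch of a confidence-based membership inference test.
# All names, the toy dataset, and the threshold are illustrative.
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

# Synthetic stand-in for a private dataset.
X, y = make_classification(n_samples=2000, n_features=20, random_state=0)
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.5, random_state=0
)

# The "victim" model the attacker can only query.
model = RandomForestClassifier(random_state=0).fit(X_train, y_train)

# Confidence the model assigns to its top prediction for each example.
conf_train = model.predict_proba(X_train).max(axis=1)
conf_test = model.predict_proba(X_test).max(axis=1)

# A simple attack: guess "was in the training set" when confidence is high.
threshold = 0.9
print("mean confidence on training data:", conf_train.mean())
print("mean confidence on unseen data:  ", conf_test.mean())
print("flagged as members (training):   ", (conf_train > threshold).mean())
print("flagged as members (unseen):     ", (conf_test > threshold).mean())
```

Because the toy model overfits its training set, the confidence gap between member and non-member examples is clearly visible, which is exactly the kind of signal these attacks rely on.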
The National Forensic Center (NFC) has carried out a research project on recreating training data from image classifiers and will present the results alongside state-of-the-art techniques.
About the speaker
Elliot Gestrin is a student at Linköping University, chairman of the university's AI and robotics association FIA, and has worked at NFC this summer.
Goto 10 is an arena where individuals and organizations can share knowledge, ideas, and perspectives. This event reflects the views of the organizer and not necessarily those of us at Goto 10 and Internetstiftelsen. At Goto 10, ideas and knowledge may be tested, discussed, and developed as long as they follow our guidelines.